Trump’s Defense Secretary Accidentally Texted War Plans to The Atlantic: ‘I Didn’t Think It Could Be Real,’ Editor Says

[NxNW]

 

[DaisyDay]

Except the Houthis weren't invited to the thread and didn't know. I mean Trump has said he was going after them and he did. This was a successful operation. Rhe goal was obtained. Becauae someone, maybe Waltz, added the journalist to the tread doeant mean the operation would have failed even if he would have posted it in the newspaper.

Someone needs to be brought to task for this mistake for sure. But to go after Hegseth, who didn't start the chat nor did he invite the journalist. He was doing what he was asked to do in a front to back encrypted and approved service.

Nope, Signal was specifically, by name, not approved for sensitive (let alone classified) information.

DoD Memo Re Signal 2023

Page 6; Attachment 2; 4: Application Security Requirements;
10) Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). An Exception to Policy (E2P) request must be submitted by the appropriate Component for use of an unmanaged messaging app that is critical to fulfilling mission operations at https://rmfks.osd.mil/dode2p.​

 

[RocksInMyHead]

The ability to add someone to a conversation is a compromise of an inherent weakness? good grief

Yes - especially if you can add anyone to any conversation. A basic-level security feature is to lock communications to a predefined group of people. Even corporate communications tools (i.e. Microsoft Teams) have this functionality.

Using an application that only allowed you to communicate with other members of government would have prevented this.

 

[RDKirk]

Yes - especially if you can add anyone to any conversation. A basic-level security feature is to lock communications to a predefined group of people. Even corporate communications tools (i.e. Microsoft Teams) have this functionality.

Using an application that only allowed you to communicate with other members of government would have prevented this.

Or at least other members with the appropriately hardware keyed phones.

 

[Maori Aussie]

She was found100% innocent of committing a crime.

More correctly "FBI director James Comey announced that the FBI investigation had concluded that Clinton had been "extremely careless" but recommended that no charges be filed because Clinton did not act with criminal intent, the historical standard for pursuing prosecution."

Hillary Clinton email controversy - Wikipedia

en.wikipedia.org

I do not ever recall any case of anyone ever being formally found "100% innocent".

 

[Always in His Presence]

Actually, it is. That's literally a deliberate back-door, and all back doors are inherent weaknesses.

It is NOT a back door. What discussion app doesn’t allow people to add others to the discussion.

 

[Always in His Presence]

Now everyone is a military communications expert.

 

[Belk]

So you say. But the principals involved decided differently. By the way they did have other meetings later. But you are meeting at the same time as an operation is going on. And they elected to have some discussions about it. These are all high level people and they most certainly can decide what to do and what to discuss while they are together.

Team – establishing a principles group for coordination on Houthis, particularly for over the next 72 hours.

They made the decision to discuss what they did. Which was fine considering who was SUPPOSED to be in the group. High level people with clearance can talk about whatever they want and are AUTHORIZED to do so.




But they can be hacked correct? Of course they can.

Doesn't change the fact that Signal is a very secure app with encryption. These kinds of apps have security to get into. Just because you hack someone phone doesn't mean you can get into every app.

The DOD disagrees.

https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability

 

[Belk]

Duplicate

 

[RDKirk]

It is NOT a back door. What discussion app doesn’t allow people to add others to the discussion.

One that is designed to be secure.

And there is such an app used by the Intelligence Community.

But it doesn't run on android or iOS or Windows or Linux.

 

[adrianmonk]

I think most secure applications would have a similar issue. It's possible for the wrong person to be invited to an in person meeting. It's a problem anykne could have for any meeting on line or not.

It depends on the application. Applications can be configured to only permit individuals from a specific organization, and can go even more finely grained as in only allow someone from a specific subtree of the directory (for example a specific department or group). The organization policy can be configured to either warn or outright deny users who do not fall into these categories. Like @RocksInMyHead said, even Teams has this policy.

The ability to add someone to a conversation is a compromise of an inherent weakness? good grief

Yes, when that person has not been authenticated and authorized to access the conversation. Authorization in this scenario was provided without authentication.

It is NOT a back door. What discussion app doesn’t allow people to add others to the discussion.

Discussion apps that are secure do not allow people to be added without them passing a minimum requirement of authentication (verify who you are) and authorization (verify what you are allowed to do). As what happened in this case.

Now everyone is a military communications expert.

I do not have to be a military communications expert to point out the issues in using Signal for classified communication. Signal is an application meant for the regular consumer not the government. It has been designed to make it easy for individuals to communicate over an encrypted channel. That's it. I write software that requires both authentication and authorization to work properly. It is a more secure method than sending sms sure, but that's not an endorsement for using it vs government applications.

You have NO WAY to verify that the person on the other end of the Signal app is who they say they are or if they have authorization to be in your secure chat. If you have 2 people named Albert Einstein in your phone contacts, it will show them that way in Signal. If you accidentally name a contact on your phone as your wife, there is a high likelihood you may message her instead of whom you mean to. Even Teams warns you if you add someone outside of your organization. Signal does not have the concept of organizations so this part is impossible and thus will always be insecure.

There is quite a bit of trust that is required for it to work. You cannot setup any policies that can be enforced on Signal to ensure this. Signal has no such policies that can be configured and you cannot add it yourself, because you do not control their infrastructure.

Additionally the chat screenshot says the messages are auto deleted after a week. Wouldn't this be against the Federal Records Act ? I think they used Signal specifically to have a conversation that they did not want to keep records for.

 

[rjs330]

Nope, Signal was specifically, by name, not approved for sensitive (let alone classified) information.

DoD Memo Re Signal 2023

​

Page 6; Attachment 2; 4: Application Security Requirements;​

10) Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). An Exception to Policy (E2P) request must be submitted by the appropriate Component for use of an unmanaged messaging app that is critical to fulfilling mission operations at https://rmfks.osd.mil/dode2p.​

Well who's John Sherman? Does he have authority over the adminiatration and the Director?

 

[RDKirk]

Well who's John Sherman? Does he have authority over the adminiatration and the Director?

You miss the point. The point is that after consideration by security officials, Signals was determined unsecurable.

You're making an appeal to authority, which might govern disciplinary activity, but does not invalidate the fact that Signals is unsecurable.

This is like the Challenger shuttle engineers warning, "Don't launch below freezing" and the administration and Director ordering the launch anyway. The dictum of the Director didn't make physics stop happening.

 

[DaisyDay]

Well who's John Sherman? Does he have authority over the adminiatration and the Director?

At the time the memo was written, he was CIO of the DoD (it's in the header and easily confirmed). He is currently dean of the Bush School of Government and Public Service at Texas A&M University - go Aggies!

You had declared, without evidence, that "He [Hegseth] was doing what he was asked to do in a front to back encrypted and approved service." Do you have anything at all to back up this assertion that Signal was approved for the use with sensitive information?

 

[Pommer]

They were using personal phones.

The lack of the ability to empathize is what this is…Senior Officials who can’t figure out how how encryption works, leading to an assumption that nobody who how it works and we’re therefore “okay” if we use our personal phones.

 

[Pommer]

What nation is going to share highly sensitive intelligence with the US, now?
Senior officials have blinded their own people.

 

[Maori Aussie]

What nation is going to share highly sensitive intelligence with the US, now?
Senior officials have blinded their own people.

It has been that way a while now. The funny thing was Australian media covering battles involving Australian and US troops in Afghanistan:
Australian Journalist: Is the Oz DoD able to comment regarding the US DoD press release regarding Australian troops in combat?
Oz DoD: Not at this time.
Australian Journalist: Is the Oz DoD able to confirm the accuracy of the US DoD press release regarding Australian troops in combat?
Oz DoD: Not at this time.
Australian Journalist: Will the Oz DoD comment regarding Australian troops in combat at a future date?
Oz DoD: I am not able to confirm that.
The trifecta! :->

 

[adrianmonk]

The lack of the ability to empathize is what this is…Senior Officials who can’t figure out how how encryption works, leading to an assumption that nobody who how it works and we’re therefore “okay” if we use our personal phones.

It may also be the fact that you can set messages to auto delete in Signal. Official business communications must be recorded/logged/kept and this is bypassing that.

If you assume that this was done for convenience, or with the malicious intent to not leave a paper trail, it is very bad either way. We don't know if they accidentally invited someone else who was not authorized to a discussion that may have been more sensitive that this one.

 

[rjs330]

You had declared, without evidence, that "He [Hegseth] was doing what he was asked to do in a front to back encrypted and approved service." Do you have anything at all to back up this assertion that Signal was approved for the use with sensitive information?

Yup, they are the highest level of government. They authorized it by being on it. It's no different than a boss deciding they want to do something. They can authorized themselves to do it. They are the boss. They are under no obligation to follow their predecessors memos.

It is an encrypted service. And you can complain and whine all you want, but it doesn't matter.

Im not saying it's the best service to use. I even said in a previous post I want my officials using the the absolute best encryption service along with the most powerful security on the device as possible.

Bottom line is, everything went fine. Nothing was shared that was mission critical. Wong screwed up and needs to face the consequences for his error.

Everyone else was just doing what they decided to do. Lesson learned.

 

[Bradskii]

Now everyone is a military communications expert.

If you are discussing this matter with someone with great experience of how the military works in situations like this then, if I were you, I'd listen a lot more attentively.